šŸ›”ļø ARAVM Security Report

Adversarial Robustness Analyzer for Vision Models

Generated: 2026-02-07 11:51:24

📊 Executive Summary

Input Image: cat.jpg

Model: ResNet-50 (ImageNet)

Original Prediction: Class 281 (tabby cat)

Original Confidence: 24.42%

Vulnerability Score: 100

Risk Level: 🔴 CRITICAL

āš”ļø Attack Effectiveness Summary

| Attack | Misclassification Rate | Perturbation Norm |
| --- | --- | --- |
| FGSM Attack | 100% | L∞ = 0.0300 |
| PGD Attack | 100% | L∞ = 0.0300 |
| Patch Attack (ROA) | 100% | L2 = 40.15 |
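The attacks above are run through ART's implementations. The FGSM update behind the first two rows is a single signed-gradient step, x_adv = clip(x + ε·sign(∇ₓL), 0, 1); a minimal NumPy sketch on a toy logistic model (all names here are illustrative, not ARAVM's code):

```python
import numpy as np

def fgsm(x, grad, eps):
    """Fast Gradient Sign Method: one step of size eps along sign(grad),
    clipped back to the valid pixel range [0, 1]."""
    return np.clip(x + eps * np.sign(grad), 0.0, 1.0)

# Toy stand-in for the ResNet-50 backward pass: logistic model
# p(y=1|x) = sigmoid(w . x) with an analytic cross-entropy gradient.
w = np.array([2.0, -1.0, 0.5])
x = np.array([0.6, 0.4, 0.8])
y = 1.0  # true label

p = 1.0 / (1.0 + np.exp(-(w @ x)))   # model confidence in the true class
grad = (p - y) * w                   # d(cross-entropy)/dx for this model

x_adv = fgsm(x, grad, eps=0.03)
print(np.max(np.abs(x_adv - x)))     # L-inf distortion, at most eps
```

Each pixel moves by exactly ±ε (unless clipped), which is why the reported L∞ distortion equals the budget 0.0300.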

🖼️ Visual Analysis Dashboard

[Figure: ARAVM dashboard — Original → FGSM Attack → Patch Attack → Perturbation Magnified]

🔥 Gradient Heatmap Analysis

[Figure: Gradient heatmap comparison — shows how the model's attention shifts under adversarial attack]
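The heatmaps are produced with Captum's Integrated Gradients. The method averages gradients along the straight path from a baseline to the input and scales by the input difference; a self-contained NumPy sketch on a linear toy model (names illustrative) shows the core computation and its completeness property:

```python
import numpy as np

def integrated_gradients(f_grad, x, baseline, steps=64):
    """IG_i ~= (x_i - x'_i) * mean of df/dx_i along the straight path
    from baseline x' to input x (midpoint Riemann sum)."""
    alphas = (np.arange(steps) + 0.5) / steps
    grads = np.stack([f_grad(baseline + a * (x - baseline)) for a in alphas])
    return (x - baseline) * grads.mean(axis=0)

# Toy model f(x) = w . x: the gradient is constant, so IG is exact here.
w = np.array([1.0, -2.0, 3.0])
f = lambda x: float(w @ x)
f_grad = lambda x: w

x = np.array([0.5, 0.2, 0.9])
baseline = np.zeros_like(x)
attr = integrated_gradients(f_grad, x, baseline)

# Completeness axiom: attributions sum to f(x) - f(baseline).
print(attr, attr.sum(), f(x) - f(baseline))
```

For the real model, per-pixel attributions like these are what get rendered as the heatmap; comparing clean vs. adversarial attributions is what reveals the attention shift.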

📈 Noise Intensity Analysis (FGSM)

Testing model robustness across different perturbation budgets (ε)

| Perturbation (ε) | Predicted Class | Confidence | L2 Distortion | Status |
| --- | --- | --- | --- | --- |
| ε = 0.01 | 285 | 41.06% | 3.880 | ✗ FOOLED |
| ε = 0.03 | 285 | 47.81% | 11.639 | ✗ FOOLED |
| ε = 0.05 | 285 | 47.96% | 19.397 | ✗ FOOLED |
| ε = 0.10 | 285 | 30.52% | 38.729 | ✗ FOOLED |
| ε = 0.20 | 285 | 5.62% | 69.611 | ✗ FOOLED |

At every budget the model is pushed to the same class, 285 (Egyptian cat).
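The L2 column tracks the L∞ budget almost linearly: a full FGSM sign perturbation on a 224×224×3 input has L2 ≈ ε·√(224·224·3) ≈ 388ε, which reproduces the small-ε rows above; clipping at the pixel-range boundary explains the shortfall at ε = 0.20. A quick check (the input shape is assumed from the ResNet-50 default):

```python
import numpy as np

# A sign perturbation puts +/-eps in every coordinate, so before clipping
# its L2 norm is eps * sqrt(pixels * channels).
n = 224 * 224 * 3
for eps in (0.01, 0.03, 0.05, 0.10, 0.20):
    print(eps, round(eps * np.sqrt(n), 3))
```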

šŸ“ Detailed Robustness Metrics

Clean Accuracy: 100%
Avg Confidence Change (FGSM): 0.4643
Avg Confidence Change (PGD): 12.1406
Avg L2 Distortion (PGD): 7.93

šŸ›”ļø Defense Effectiveness

Testing defensive preprocessing against PGD attack

| Defense Method | Confidence Recovery | Status |
| --- | --- | --- |
| No Defense | 11.66% | ✗ Still Fooled |
| JPEG Compression | 26.36% | ✗ Still Fooled |
| Spatial Smoothing | 4.09% | ✗ Still Fooled |
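Neither preprocessing defense restores the original class here. For reference, spatial smoothing is a sliding median filter applied per channel (as in ART's SpatialSmoothing defense; the 3×3 window below is an assumption). A minimal single-channel NumPy sketch:

```python
import numpy as np

def spatial_smoothing(img, window=3):
    """Median-filter a 2D array with edge padding. Adversarial noise is
    largely high-frequency, so a local median suppresses much of it."""
    pad = window // 2
    padded = np.pad(img, pad, mode="edge")
    out = np.empty_like(img, dtype=float)
    h, w = img.shape
    for i in range(h):
        for j in range(w):
            out[i, j] = np.median(padded[i:i + window, j:j + window])
    return out

# A single-pixel perturbation spike is removed entirely by the median.
clean = np.ones((5, 5))
noisy = clean.copy()
noisy[2, 2] += 10.0
smoothed = spatial_smoothing(noisy)
```

Against an L∞-bounded PGD perturbation spread over every pixel, the median has far less to remove, which is consistent with the weak recovery shown above.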

💡 Security Recommendations & Best Practices

🔧 Technical Configuration

Framework: ARAVM (Adversarial Robustness Analyzer for Vision Models)
Target Model: ResNet-50 (ImageNet pre-trained, 1000 classes)
Attack Library: IBM Adversarial Robustness Toolbox (ART) v1.20+
Interpretability: Captum (Integrated Gradients)
Patch Attacks: ROA (Rectangular Occlusion Attack) from phattacks
FGSM Epsilon: 0.03 (default), tested range: 0.01 - 0.30
PGD Iterations: 40 steps, step size α = 0.01
Patch Size: 50 × 50 pixels
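The PGD settings above (ε = 0.03, α = 0.01, 40 steps) correspond to the standard projected-gradient loop: repeated FGSM-style steps projected back into the L∞ ball. A minimal NumPy sketch with a toy gradient oracle (all names illustrative, not ARAVM's code):

```python
import numpy as np

def pgd(x, grad_fn, eps=0.03, alpha=0.01, steps=40):
    """Projected Gradient Descent under an L-inf budget: signed-gradient
    steps of size alpha, projected back into the eps-ball around x."""
    x_adv = x.copy()
    for _ in range(steps):
        x_adv = x_adv + alpha * np.sign(grad_fn(x_adv))
        x_adv = np.clip(x_adv, x - eps, x + eps)   # L-inf projection
        x_adv = np.clip(x_adv, 0.0, 1.0)           # valid pixel range
    return x_adv

# Toy loss L(x) = sum(x): the gradient is all ones, so PGD walks straight
# to the upper face of the eps-ball (or the pixel-range boundary).
x = np.array([0.2, 0.5, 0.99])
x_adv = pgd(x, grad_fn=lambda z: np.ones_like(z))
print(np.max(np.abs(x_adv - x)))   # bounded by eps = 0.03
```

The projection step is what distinguishes PGD from simply iterating FGSM: however far the gradient steps wander, the result always stays within the stated ε budget.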